Re: nginx and python script

Pass {serial} to your proxy from a normal nginx args variable. location /another_script { proxy_pass http://server/cgi-bin/another_script.py? $args } And then you'll likely want to change from environ to the query string. I would also make

IMAP Proxy with TLS Upstream Configuration

the IMAP upstream natively (without needing to configure a port with STARTTLS)? TIA, Jeff mail {     error_log /var/log/nginx/error.log debug;     ssl_certificate path/to/fullchain.pem;     ssl_certificate_key path/to/privkey.pem;     ssl_session_timeout 1d;     ssl_session_cache shared:MozSSL

Re: Wrong content served

In addition to Francis' always helpful ask. You have a domain problem with material.av.domain and it may be from /etc/hosts all the way to public DNS. Or, incorrectly supplied *location-letsencrypt.conf.* If you provide that file contents, you'll likely see your own error as you send it (i've don

Run PHP on NGINX

Can PHP code be run using NGINX? I am new to web server stuff, so just investigating. Thanks ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Nginx Support required

You accepted when you installed it, no one is your support, but if you ask nicely and stop with the FN demands, you may get a little help, as this nice person did. This is not what this type of software is about, and its your bad for not understanding. This is not only for you, but would like it

Re: How to run a shell script on every request?

Can you explain why? I would never tie a script to a request. I post process logs all of the time. If it needs to be in the application, don't force it into Nginx. Strong statement, but would love to hear why? On Fri, Aug 18, 2023 at 9:47 AM Kaushal Shriyan wrote: > Hi, > > I am running nginx

Re: Load Balancing Apache Tomcat with Nginx : (OpenMeetings Cluster using Apache Tomcat Server)

Hi Mr Sergey, Thank you for your email, this was enough helpful for me. Thanks once again. Kind regards, Jeffrey. Le ven. 1 oct. 2021 à 17:09, Sergey A. Osokin a écrit : > Hi Jeffrey, > > On Mon, Sep 27, 2021 at 12:47:53PM +0000, Aom Jeff Root wrote: > > Hi dear, > > >

Load Balancing Apache Tomcat with Nginx : (OpenMeetings Cluster using Apache Tomcat Server)

Hi dear, - I'm student and i work on open source web conferencing project (school project) I choose Openmeetings I work on clustering openmeetings with two nodes and I want to make single access to the group server. I want to use nginx load balancer . How to configure the nginx to make it

Health Check Issue

_header Connection ""; health_check match=iis_up uri=/iisstatus.html; } } upstream map.vt911.net { server 10.212.224.56:80; server 10.212.224.57:80; zone map 64k; } I am not sure if the health check is sending the request to the IP instead of the FQ

Re: Is this an attack or a normal request?

I've seen the rest of this thread, and there are many good ideas, fail2ban is great, i actually use it with wazuh. The best security measure i ever made with wordpress is changing the name of the /admin/login.php and disabling or at least access listing the api. If no one needs api access, shut

Re: Removing Null Character from Query Parameter

no offense to the OP, but i love Maxim. Direct and to the point, and in this case, as usual, he is correct. You should not look at what the requester wants, before understanding what the sender should provide. On Thu, Jun 25, 2020 at 2:18 PM Maxim Dounin wrote: > Hello! > > On Thu, Jun 25, 202

Re: right config for letsencrypt

if its not a lets encrypt request. HAProxy may mean nothing to you, but it shows an alternate configuration. And of course Francis is correct, you need 80 open. HTH Jeff On Sun, Feb 2, 2020 at 5:49 AM Francis Daly wrote: > On Fri, Jan 31, 2020 at 10:33:31PM +0100, bagagerek wrote: > >

Re: How to do location /test/place?id=2

I know this is not an answer to your question, but it begs another, mainly due to the if statement. How many of these are you going to have? https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ You've likely considered this, but if not wanted to throw it out there. Even if you are mo

Re: Do nginx 1.14 and 1.17 have compatible configuration file formats?

This is work that only you can finish. FWIW, i have only had to change my conf files for my benefit over the 1.14 to 1.17, but if you don't do this yourself, you need to ask yourself why and how you can that is correct for your environment. Best Jeff On Mon, Jul 15, 2019 at 8:53 PM Zheng,

Re: packages built for Ubuntu 18.04

Given what that post states and since openssl 1.1.1 hit 18.04 the other day, i'd assume the next build would be based off of 1.1.1? While i use nginx, i terminate SSL at HAProxy, and that is what occurred last week. On Tue, Jun 18, 2019 at 2:17 PM Zeev Tarantov wrote: > The openssl package for

Re: I'm about to embark on creating 12000 vhosts

ut you have to be able to use an ELB, which could change ips at any time. Unfortunately this didn't work for us b/c a few of our larger customers whitelist ips and not domain names. which is why i have stayed with HAProxy. Jeff On Tue, Feb 12, 2019 at 4:04 AM Richard Paul wrote: > Hi Je

Re: I'm about to embark on creating 12000 vhosts

d them via python using a yaml file and nginx would effectively be a jinja2 template. But even that became onerous. When going down the nginx path ensure you pay attention to the variables that control domain hash sizes. http://nginx.org/en/docs/hash.html HTH, good luck! Jeff On Mon, Feb 11, 2019

Re: no TLS1.3 with 1.15.5

Hi. I know this does not solve the problem, but curious if you found a package that was compiled with 1.1.1 or compile it yourself. Generally i like to avoid the later as everything is managed through salt, but am interested in TLSv1.3 Thanks, Jeff On Tue, Nov 6, 2018 at 1:19 PM Maxim Dounin

Re: A fatal 301 redirect...

test.ppp.fr; return 301 https://$server_name$request_uri; } Best, jeff On Mon, Sep 17, 2018 at 6:10 PM Pierre Couderc wrote: > I did use wrongly a 301 redirect > > I have corrected now, but the redirect remains. > > I use wget : > > nous@pcouderc:~$ wget https://www.ppp

Re: rewrite rule: MediaWiki to static site

a map. We will add more to static and more to Play overtime, as we already have, and this keeps on chugging. Best, Jeff On Mon, Aug 20, 2018 at 4:10 PM petecooper wrote: > Francis Daly Wrote: > > > In this case, it looks to me that you can probably "return" rather > >

Re: HTTPS over port 443

how about adding server { listen 80; redirect https://$host$request_uri 301; //YYMV as to what destination you need them to end up at. } On Tue, Aug 7, 2018 at 3:58 PM, fugee ohu wrote: > What do you mean by "also have a port 80 config" ? The port 80 configs > are my other sites that I ha

Re: Redirect without and SSL certificate

int of SSL identity validation. Jeff Abrahamson +33 6 24 40 01 57 +44 7920 594 255 http://p27.eu/jeff/ On 18/07/18 17:10, Friscia, Michael wrote: > > We have a problem where we have a large number of vanity domain names > that are redirected. For example we have surgery.yale.edu w

Re: Monitoring http returns

specific to any one service, maybe even are at the network level. Of course, yes, active monitoring shouldn't be trying to DoS my service. ;-) Jeff Abrahamson https://www.p27.eu/jeff/ > On 11 Apr 2018, at 12:19 AM, Jeff Abrahamson wrote: > > I want to monitor nginx better:

Monitoring http returns

tive to an eventual change in log format. Is this, indeed, the recommended solution? And, for my better understanding, can anyone explain why this makes more sense than native nginx support of sending UDP packets to a monitor collector (in our case, telegraf)? -- Jeff Abrahamson +33 6 24 40 01

Re: 301 Redirect from www version to non www.

A couple things here guess. Is 80 even open in the firewall? Also could cloudflare be picking up 80 and redirecting to https, also this won't solve your problem, but having a server name prefixed with https is not valid, it may pass a configtest, but not sure that it would every match. On Fri, Ma

Re: domain only reachable with https:// in front

mode, rather than nginx, for certbot, so it's never modifies my configuration, as the sites-enabled files are managed by a configuration management system across about 100 domains, some with special requirements. HTH, Jeff On Tue, Nov 28, 2017 at 11:40 AM, pstnta wrote: > hi, > &

Re: nginx cache growing well above max_size threshold

You can actually can run H/2 through HAProxy, using ALPN to determine if the client understands H/2 I have the following (snippet of a) config that sends to different nginx ports based on the ALPN response. frontend https mode tcp bind 0.0.0.0:443 ssl crt /etc/haproxy/certs alpn h2,http/1.1 e

Re: Multiple certificates in one server block?

Jim is correct, letsencrypt supports that wow, sorry for trying to help, that was a bit caustic, that information would be helpful in the original question. Enjoy the weekend. On Fri, Aug 4, 2017 at 9:40 AM, Jim Ohlstein wrote: > Hello, > > On 08/04/2017 09:36 AM, Olaf van der Spek wrote: >

Re: Multiple certificates in one server block?

i assume you have some sort of UCC certificate, if so you should be able to use it with multiple server_names, but have multiple ssl_certificates in a single server block is a limitation of nginx from what i understand. Most relavant information is here: https://nginx.org/en/docs/http/ngx_http_ssl

Re: block google app

a Google crawler - they are end-user > requests from the Google App (mobile application). I'm not sure what the > motivation is for blocking them but I wouldn't consider it malicious / > unwanted traffic. > > On Thu, Jun 22, 2017 at 4:47 PM, Jeff Dyke wrote: > >> I&

Re: block google app

l start to find more that are after this directory. When i was at an image heavy start up, we had every one imaginable. Best, Jeff On Wed, Jun 21, 2017 at 3:40 PM, li...@lazygranch.com wrote: > I'm sending 403 responses now, so I screwed up by mistaking the fields > in the logs. I&#x

Re: invalid default_server parrameter

if you're using sni, you should be able to use _ as the server_name or remove default server b/c if this is going to represent many servers, from memory, default_server is not a value you want. for example i run nginx behind haproxy to create letsencrypt certs, which will listen to currently dozen

Re: Logging all requests onNginx

this might be helpful - http://stackoverflow.com/questions/12315832/how-to-fix-nginx-throws-400-bad-request-headers-on-any-header-testing-tools/17289826#comment16555393_12315832 On Wed, Apr 19, 2017 at 7:53 PM, Jeff Dyke wrote: > untested, but if you set error_log to the correct level,

Re: Logging all requests onNginx

untested, but if you set error_log to the correct level, it should log there as it likely received a > 300 response from the backends. I don't think you want these in your access logs, but i am suprised you don't get some sort of non < 400 response in those logs. But it's been a long day On W

nginx-extras

to avoid self compilation as all machines are managed via saltstack. and i would like to take advantage of the latest stable. Thanks for any info, even if only historical knowledge. I'll also put this on the ubuntu lists, but feel it will just get lost in the volume. Best,

Re: nginScript and accessing cookies

at first glance i thought this may be dead, but perhaps you'd should look here: https://www.nginx.com/blog/introduction-nginscript/, which supports both Plus and OSS versions. I've been working with the lua module via nginx-extras on ubuntu, they suit my needs, but that page may help

Re: upload xml file

what do you want it to do? if you're talking nginx without any application backend you could do a lot with some lua locations, or you're going to pass that request to another process, or serve a static (xml) file from the file system. Nginx does support XML just fine, its all a matter of what you

Re: another "bind() to 0.0.0.0:80 failed (98: Address already in use)" issue

immediately after install, and when i startup my virtual hosts all is well. Based on your statements that may/not be your issue, but something that bit me and regardless...something is listening on port 80, when you get that what does `sudo netstat -nap | grep LISTEN` show HTH Jeff On Wed, Feb 22, 2017 at

Re: Move from apacht to nginx

for a quick fix, but when changing webservers, give it a second though. location ~ /blah/fe { allow all; } I found that i never had to use this in nginx except for serving lets-encrypt certs out a directory, in nginx, but i use it more of a proxy for scala apps. Jeff On Sun, Feb 12, 2017 at 8

Re: SNI and certs.

configuration management tool (saltstack in my case). That's my philosophy on 80 vs 443 and a mixed case, i like the consistency in my configuration and the ability to maintain groups of configuration types based on site needs. And you do get a small SEO boost for being https forward. Jeff O

Re: Blocking tens of thousands of IP's

what is your firewall?, that is the place to block subnets etc, i assume they are not random ips, they are likely from a block owned by someone?? On Tue, Nov 1, 2016 at 5:37 PM, CJ Ess wrote: > I don't think managing large lists of IPs is nginx's strength - as far as > I can tell all of its ACLs

Re: Nginx proxy_pass not working as expected.

_pass http://a <http://example.org/>nything.you.want; } } HTH Jeff On Fri, Oct 28, 2016 at 9:12 AM, stuwat wrote: > Hi > > I have the virtualhost file configured as the following:- > > server { > server_name example.com; > > location / { > proxy_pass http://e

Re: proxy_protocol - access server directly

On Fri, Aug 12, 2016 at 4:49 PM, Roman Arutyunyan wrote: > On Fri, Aug 12, 2016 at 04:07:26PM -0400, Jeff Dyke wrote: > > Thank you Roman, i knew it would be painfully obvious once the solution > was > > presented to me > > > > Very much appreciate it! >

Re: proxy_protocol - access server directly

Thank you Roman, i knew it would be painfully obvious once the solution was presented to me Very much appreciate it! Jeff On Fri, Aug 12, 2016 at 2:29 PM, Roman Arutyunyan wrote: > Hello, > > On Fri, Aug 12, 2016 at 02:08:55PM -0400, Jeff Dyke wrote: > > i have configured

proxy_protocol - access server directly

"illegible characters" Thanks, Jeff ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Loadable Modules: Coming?

I remember hearing rumors that loadable module support was coming; is there anything planned here? (ngx_pagespeed would love to distribute as a loadable module, and if there are things we can be doing now to get ready I would be pretty excited to do them) _

expected behavior of --with-debug

In ngx_pagespeed we interpret --with-debug to mean "include debugging symbols and debug-only assertions". Is this what most people using nginx would expect? (We distribute two precompiled versions of PSOL, "debug" and "release", and we've been using --with-debug to switch between them. Now we're

Guide on switching from distro-provided nginx to nginx built from source?

ments) * how to copy your config over * how to keep and modify your nginx init script when uninstalling the distro-provided nginx * how to do all of this with minimal downtime and risk on a single VPS Jeff ___ nginx mailing list nginx@nginx.org http://

Re: Announcing ngx_pagespeed beta 1.5.27.1

ce.net (184.106.126.129) 117.579 ms > core1-CoreA.ord1.rackspace.net (184.106.126.125) 114.855 ms > core1-CoreB.ord1.rackspace.net (184.106.126.129) 117.336 ms > 16 184.106.126.69 (184.106.126.69) 115.970 ms 116.285 ms 115.802 ms > 17 67-207-141-173.static.cloud-ips.com (6

Announcing ngx_pagespeed beta 1.5.27.1

/forum/#!forum/ngx-pagespeed-announce Thanks to everyone who helped with getting us to beta, especially Otto van der Schaff, Chai Zhenhua, Weibin Yao, Junmin Xiong, and Ben Noordhuis. Jeff Kaufman Google ___ nginx mailing list nginx@nginx.org http